WP-Safety

Yellow Schedule Security & Risk Analysis

wordpress.org/plugins/yellow-schedule

Fast and Secure Scheduling (HIPAA Compliance). We streamline your entire appointments process, giving you more time to do what you do best.

20 active installs v1.1 PHP + WP 3.9+ Updated Mar 31, 2015
appointment-booking-plugin-for-wordpressappointment-schedulingappointmentsschedulescheduling
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Yellow Schedule Safe to Use in 2026?

Generally Safe

Score 85/100

Yellow Schedule has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The yellow-schedule plugin v1.1 exhibits a generally positive security posture, adhering to several best practices. The absence of known CVEs and the consistent use of prepared statements for SQL queries are strong indicators of a well-maintained and security-conscious development process. Furthermore, the plugin has no recorded vulnerabilities, suggesting a history of secure coding. However, the static analysis reveals some areas that warrant attention. The presence of unsanitized paths in taint analysis, even without critical or high severity flows, suggests potential for logic flaws or unintended behavior if these paths are exposed. Additionally, while the percentage of properly escaped output is high, the existence of 18% unescaped output presents a moderate risk of cross-site scripting (XSS) vulnerabilities. The complete lack of nonce and capability checks across all entry points, including the shortcode, is a significant concern, potentially allowing unauthorized actions or data manipulation by unauthenticated users.

Key Concerns

  • Unsanitized taint flow paths detected
  • Unescaped output detected (18% of total)
  • No nonce checks on any entry points
  • No capability checks on any entry points
Vulnerabilities
None known

Yellow Schedule Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Yellow Schedule Release Timeline

v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Yellow Schedule Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
9 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

82% escaped11 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
settings_page (includes\class-yellow-schedule-settings.php:209)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Yellow Schedule Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[yellow_schedule] yellow-schedule.php:48
WordPress Hooks 8
actioninitincludes\class-yellow-schedule-settings.php:46
actionadmin_initincludes\class-yellow-schedule-settings.php:49
actionadmin_menuincludes\class-yellow-schedule-settings.php:52
actionwp_enqueue_scriptsincludes\class-yellow-schedule.php:100
actionwp_enqueue_scriptsincludes\class-yellow-schedule.php:101
actionadmin_enqueue_scriptsincludes\class-yellow-schedule.php:104
actionadmin_enqueue_scriptsincludes\class-yellow-schedule.php:105
actioninitincludes\class-yellow-schedule.php:114
Maintenance & Trust

Yellow Schedule Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42
Last updatedMar 31, 2015
PHP min version
Downloads3K

Community Trust

Rating74/100
Number of ratings3
Active installs20
Alternatives

Yellow Schedule Alternatives

SuperSaaS – online appointment scheduling

SuperSaaS – online appointment scheduling

supersaas-appointment-scheduling

A
99

SuperSaaS is a flexible appointment scheduling system that works with many different businesses. The basic version is free.

1K 2 CVEs
Ultimate Appointment Booking & Scheduling

Ultimate Appointment Booking & Scheduling

ultimate-appointment-scheduling

A
100

Appointment booking calendar and scheduling plugin that lets you set up different services, service providers, locations and availability

90 1 CVE
Nemtly Booking – Events, Appointments & Booking Calendar

Nemtly Booking – Events, Appointments & Booking Calendar

nemtly-booking

A
100

Book appointments and events 24/7 with Stripe payments, Google Calendar sync, reminders, and a customer dashboard. Blocks and shortcodes included.

0 No CVEs
LatePoint – Calendar Booking Plugin for Appointments and Events

LatePoint – Calendar Booking Plugin for Appointments and Events

latepoint

F
20

Optimize your appointment scheduling with our plugin. Sync calendars, automate reminders, and keep your bookings organized.

100K 2 unpatched
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin

simply-schedule-appointments

A
88

Unlimited appointments, booking calendars, and notifications. Powerful appointment booking plugin and booking system. Start scheduling for free today!

60K 27 CVEs
Developer Profile

Yellow Schedule Developer Profile

yellowschedule

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Yellow Schedule

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yellow-schedule/css/style.css/wp-content/plugins/yellow-schedule/js/admin.js/wp-content/plugins/yellow-schedule/js/settings.js
Script Paths
https://www.yellowschedule.com/_javascript/dm.booking.min.js

HTML / DOM Fingerprints

Data Attributes
data-ys-business-code
JS Globals
jQueryyellowschedule
Shortcode Output
<div id="bookingAvailabilityContainer"><a href="https://www.yellowschedule.com">Online Appointment Scheduling</a> by YellowSchedule.com</div>
FAQ

Frequently Asked Questions about Yellow Schedule